What is IBM QRadar User Behavior Analytics?

IBM® QRadar User Behavior Analytics (UBA) is an app that provides early visibility to insider threats. It is an extension of the IBM QRadar Security Intelligence Platform that analyzes the usage patterns of insiders to determine if their credentials or systems have been compromised by cybercriminals.

The app features a user-centric dashboard showing risky users by name and their anomalous activities, along with QRadar associated incidents. A single mouse click adds suspects to a watch list or permits a text-based annotation to explain the observations, or drill down into underlying log and flow data.

Extend the capabilities of IBM Security solutions with IBM® Security App Exchange

Monitor risky activity to identify and manage insider threats

IBM QRadar User Behavior Analytics (UBA) app provides at-a-glance visibility to individual users and anomalous behaviors that could be signs of an insider threat

  • IBM QRadar UBA extends the QRadar Security Intelligence Platform and adds a user-centric view
  • QRadar UBA app components include number of monitored users, high risk users, risk categories, security events and offenses, system status, and user watch list
  • UBA dashboard is an integrated part of the QRadar console

See how IBM QRadar UBA app addresses insider threats

Why use IBM QRadar User Behavior Analytics?

Insider threats are responsible for about 60 percent of the security attacks facing organizations, many of which are the result of users’ credentials falling into the hands of hackers via internal employees, contactors or partners who are victims of malware-laden phishing attacks or other techniques.

For example, the new user behavior analytics app would alert analysts to a user logging into a high value server for the first time, from a new location, while using a privileged account. This abnormal pattern would be identified because the UBA app solution created a baseline of normal user behavior and detected a significant deviation from it.

“Insider threats are responsible for about 60 percent of the security attacks facing organizations.”

What are the benefits of IBM QRadar User Behavior Analytics?

Extends the capabilities of IBM QRadar Security Intelligence Platform

  • Includes a new, integrated dashboard
  • Incorporates user behavior analytics
  • Provides security analysts visibility to individual users and behavioral anomalies

Addresses insider threats

  • Guards against rogue insiders and cybercriminals using compromised credentials
  • Checks anomalous behaviors, lateral movement, threats and data exfiltration – with a user focus
  • Provides visibility to high risk users and their actions

Makes security analysts more productive

  • Calculates risk scores and rank orders high risk users
  • Uses data collected by QRadar and applies new, out-of-the-box behavioral rules and analytics
  • Shows the log and flow data involved in a security offense
  • Detects anomalies and builds user watch lists
  • Displays results by user in a new QRadar tab and dashboard
  • Integrates with Incident Response solutions for faster time to closure

Produces results almost immediately after deployment

  • Downloads quickly and easily as a free application from the IBM Security App Exchange
  • Installs quickly and provides rapid time to value
  • Requires no additional investment for QRadar clients

Learn more about the IBM Security App Exchange

Get the apps

Obtain the apps you need to protect your organization. Visit the IBM Security App Exchange.

Capabilities

Extend the capabilities of IBM Security solutions with IBM Security App Exchange.

App Exchange

Learn more about the IBM Security App Exchange

 

Get the apps

Obtain the apps you need to protect your organization. Visit the IBM Security App Exchange.

Capabilities

Extend the capabilities of IBM Security solutions with IBM Security App Exchange.

 

Resources

Contact IBM

Considering a purchase?